CN111582496A - Safe and efficient deep learning model prediction system and method based on SGX
- Publication number: CN111582496A
- Application number: CN202010338636.2A
- Authority: CN (China)
- Prior art keywords: model, deep learning, data, sgx, server module
- Legal status: Granted
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
      - G06N20/00—Machine learning
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/60—Protecting data
          - G06F21/602—Providing cryptographic facilities or services
      - G06F9/00—Arrangements for program control, e.g. control units
        - G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
          - G06F9/46—Multiprogramming arrangements
            - G06F9/54—Interprogram communication
              - G06F9/547—Remote procedure calls [RPC]; Web services
Abstract
The invention discloses a safe and efficient deep learning model prediction method based on SGX. S1, a model provider terminal uploads a deep learning model through a model import module, and the model import module converts deep learning models of different formats into models that can be executed in the deep learning calculation framework, according to the deep learning calculation framework in the SGX; S2, the model user terminal and an RPC server module in the SGX carry out key agreement to obtain a communication key, which is used to encrypt the data to be predicted provided by the model user terminal and the prediction result of the deep learning model in the SGX; and S3, the model user terminal signs and encrypts the data to be predicted with the communication key, and decrypts and verifies the prediction result.
Description
Technical Field
The invention relates to the technical field of machine learning security, in particular to a safe and efficient deep learning model prediction system and method based on SGX.
Background
Machine learning, particularly deep learning, is a representative of the field of artificial intelligence, and exhibits excellent performance in fields including image recognition and speech translation, and thus is widely used in related application scenarios to solve a series of practical problems including authentication and gait recognition.
However, the deep learning model faces various security problems during deployment and use, both between the deep learning model and the user and between the user and the server where the deep learning model is located. For example, when data is transmitted between a user and a model, a third party may eavesdrop on the data and leak sensitive information, or tamper with the data so that computing resources are wasted; in addition, since the server hosting the deep learning model may itself behave maliciously, sensitive data that a user sends to the server may be stolen or tampered with directly by the malicious server. On the other hand, the model provider also wants to keep the trained model itself from exposing model-related information, such as parameters, structure and the corresponding training data set, during the prediction process. For example, membership inference attacks against model training exist, which infer whether an attacker's input sample was part of the model's training data, and a malicious server can use the activation outputs of the model's intermediate layers, the loss function value and the like to launch such an attack. All of these security issues pose unpredictable risks to the model user terminal and the model provider.
Introducing SGX (Software Guard Extensions) into deep learning offers a solution to the above problems. Tope et al. propose completing the deep learning prediction process inside SGX, but this approach does not consider data security between the user and the machine learning model; Lucjan et al. propose a method that completes model prediction in SGX, but that solution runs the model in a user-side SGX environment without using the computing resources of the server, which leaves the server's computing resources idle and also increases the communication cost between client and server. Moreover, all of these schemes only support completing the prediction process on the CPU and do not consider using the GPU, so their efficiency is lower than that of conventional deep learning model execution.
Therefore, the industry urgently needs a safe and efficient deep learning model prediction method that can ensure the confidentiality and integrity of both the data and the model while the model runs.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provides a safe and efficient deep learning model prediction system and method based on SGX, which can ensure the confidentiality and the integrity of data and a model in the running process of the model.
The purpose of the invention is achieved by the following technical scheme:
A safe and efficient deep learning model prediction system based on SGX comprises a model provider terminal, a model user terminal and a server. The server comprises a model import module, a data encryption module, an RPC (Remote Procedure Call) server module and a GPU (Graphics Processing Unit) acceleration module. The model provider terminal is used to send deep learning models of different formats to the model import module; the model user terminal is used to agree a key with the RPC server module, sign and encrypt the data to be predicted with the agreed key, and send the encrypted data to be predicted to the RPC server module; the model import module is used to convert the deep learning models of different formats uploaded by the model provider terminal into models that can run on the deep learning calculation framework of the RPC server module, according to the deep learning execution framework in the SGX; the data encryption module is used to decrypt encrypted data transmitted into the SGX from the outside and to encrypt data output by the SGX to the outside; the RPC server module is located inside the SGX and is used to load the model file produced by the model import module's conversion, feed the data input by the user to the deep learning model to obtain a prediction result, and return the prediction result to the user; and the GPU acceleration module is used to complete the linear operations of the deep learning model prediction process.
A safe and efficient deep learning model prediction method based on SGX comprises the following steps:
S1, the model provider terminal uploads the deep learning model through the model import module, and the model import module converts the deep learning models of different formats into models that can be executed in the deep learning calculation framework, according to the deep learning calculation framework in the SGX;
S2, the model user terminal and an RPC server module in the SGX carry out key agreement to obtain a communication key, which is used to encrypt the data to be predicted provided by the model user terminal and the prediction result of the deep learning model in the SGX;
S3, the model user terminal signs and encrypts the data to be predicted with the communication key, and then sends the encrypted data to the RPC server module;
S4, the RPC server module decrypts the encrypted data with the communication key to obtain plaintext data, and then verifies the signature; if verification passes, the plaintext data is input into the deep learning model;
S6, the GPU acceleration module receives the masked data sent by the RPC server module, performs the linear operation on it and returns it to the RPC server module; the RPC server module removes the mask from the data, feeds it to the deep learning model to perform the next operation, and repeats step S6 until the model prediction is finished;
S7, the RPC server module signs the prediction result, encrypts it with the communication key and returns the encrypted result to the model user terminal, which decrypts it with the communication key and verifies the signature to obtain the prediction result.
Preferably, step S1 includes:
S101, the model provider terminal uploads the deep learning model m to the server;
S102, the server converts the deep learning model m into a deep learning model m' supported by the deep learning calculation framework in the SGX, using the model import module;
S103, the server places the deep learning model m' in the deep learning model library Pool_model and updates the model index of the deep learning model library.
Preferably, step S2 includes:
S201, the RPC server module determines a prime number p and a primitive root g of that prime, encrypts p and g with the public key PK_a of the model user terminal, and sends the encrypted prime and primitive root to the model user terminal;
S202, after the model user terminal decrypts with its private key to obtain p and g, it generates a random number r_1 satisfying 1 ≤ r_1 ≤ p-1, computes the value to be exchanged and sends it to the RPC server module;
S203, the RPC server module itself generates a random number r_2 satisfying 1 ≤ r_2 ≤ p-1, computes the value to be exchanged and sends it to the model user terminal;
S204, the model user terminal computes K_a and the RPC server module computes K_b; if K_a = K_b, K_a and K_b are used respectively as the communication key between the model user terminal and the RPC server module.
Preferably, step S3 includes:
S301, the model user terminal signs the data to be predicted x and the model label t_m with its private key SK_a to obtain the signature sign_x;
S302, the model user terminal encrypts the data to be predicted and the signature with the communication key K_a to obtain the ciphertext c, and sends the ciphertext to the RPC server module.
Preferably, step S4 includes:
S401, the RPC server module decrypts the ciphertext c with the communication key K_b; if decryption succeeds, go to step S402, otherwise return error information;
S402, the RPC server module obtains the decryption result (x || t_m || sign_x) and verifies the signature sign_x with the public key PK_a; if verification passes, execute step S403, otherwise return error information;
S403, the RPC server module indexes the deep learning model m' from the deep learning model library according to the model label t_m, loads m' into the GPU video memory and the SGX memory, and takes the decryption result x as the input of m'.
Preferably, steps S5 and S6 include:
S601, the RPC server module in the SGX first selects a random number r_i from the domain and, from the weight matrix W_i and bias b_i, computes the linear result u_i corresponding to r_i, i.e. u_i = W_i r_i, which serves as the mask; here, for the i-th layer linear operation that is to be outsourced to the GPU, the weight is an m_i × n_i matrix W_i and the bias is b_i;
S602, the RPC server module adds the mask u_i to the data x_i that requires linear computation to obtain the masked data, and sends it to the GPU acceleration module;
S603, the GPU acceleration module performs the linear operation on the masked data and sends the result to the RPC server module;
S604, the RPC server module subtracts the mask u_i from the returned result to obtain the computation result y_i, i.e. y_i = W_i x_i + b_i, and the deep learning model continues the next operation with y_i; steps S601 to S604 are repeated until the deep learning model prediction process ends.
Preferably, step S7 includes:
S701, the RPC server module signs the prediction result p with its private key SK_b to obtain the signature sign_p;
S702, the RPC server module encrypts the prediction result p and the signature sign_p with the communication key K_b to obtain the ciphertext c_p, i.e. c_p = Enc_{K_b}(p || sign_p), and sends c_p to the model user terminal;
S703, the model user terminal decrypts the ciphertext c_p with the communication key K_a to obtain (p || sign_p) and verifies the signature sign_p with the public key PK_b of the RPC server module, ensuring the integrity of the result; if verification succeeds, the prediction result is correct.
Compared with the prior art, the invention has the following advantages:
(1) By means of Intel SGX, the invention runs the deep learning model inside the SGX, which ensures the confidentiality and integrity of the data while the model runs and also ensures the confidentiality and integrity of the model itself.
(2) The invention signs and encrypts the data exchanged between the user and the deep learning model, ensuring the confidentiality and integrity of the data in transit.
(3) The invention provides a model conversion module, so that deep learning models from different frameworks can complete prediction under a unified computing framework.
(4) The method uses the computing power of the GPU, accelerating the model's prediction process by outsourcing the linear operations of the deep learning model in the SGX to the GPU.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
fig. 1 is a schematic structural diagram of a secure and efficient deep learning model prediction system based on SGX according to the present invention.
FIG. 2 is a schematic diagram of the SGX of the present invention.
As shown in the figure, the SGX Enclave container is located in the Processor Reserved Memory (PRM) and stores protected data and code; an application outside the SGX Enclave container cannot directly access the data inside it, and the application and the SGX Enclave container can only interact through the Enclave's predefined interface. In addition, system-level code also has no access to the data and code in the SGX Enclave container. The SGX Enclave can thus guarantee the confidentiality and integrity of data and code in the system.
Detailed Description
The invention is further illustrated by the following figures and examples.
Referring to fig. 1-2, a safe and efficient deep learning model prediction system based on SGX comprises a model provider terminal, a model user terminal and a server. The server comprises a model import module, a data encryption module, an RPC (Remote Procedure Call) server module and a GPU acceleration module. The model provider terminal is used to send deep learning models of different formats to the model import module; the model user terminal is used to agree a key with the RPC server module, sign and encrypt the data to be predicted with the agreed key, and send the encrypted data to be predicted to the RPC server module; the model import module is used to convert the deep learning models of different formats uploaded by the model provider terminal into models that can run on the deep learning calculation framework of the RPC server module, according to the deep learning execution framework in the SGX; the data encryption module is used to decrypt encrypted data transmitted into the SGX from the outside and to encrypt data output by the SGX to the outside; the RPC server module is a deep learning model RPC server module located inside the SGX and is used to load the model file produced by the model import module's conversion, feed the data input by the user to the deep learning model to obtain a prediction result, and return the prediction result to the user; and the GPU acceleration module is used to complete the linear operations of the deep learning model prediction process.
The server is the private server of the model provider, physically a computer. This computer can construct an SGX Enclave, referred to below as the SGX, inside which the RPC server module runs; the RPC server module is a software program.
The data encryption module is responsible for encrypting the communication data between the server and the model user terminal; the encryption key is maintained by the SGX, so that the user's input data and the model's output data are signed and encrypted and sensitive information is not leaked. The RPC (Remote Procedure Call) server module located inside the SGX is responsible for loading the converted deep learning model, ensuring the confidentiality and integrity of the deep learning model while it runs, decrypting the user's data and verifying its signature, signing and encrypting the prediction result of the deep learning model, and at the same time providing an interface for interacting with the deep learning model from outside, so that the deep learning model in the SGX can conveniently exchange data with the outside. The GPU acceleration module is used to complete the linear operations of the deep learning model prediction process, so that the whole prediction process of the model is accelerated, and the confidentiality and integrity of the data exchanged between the GPU acceleration module and the RPC server module in the SGX are ensured by a cryptographic method. The invention thus protects not only the confidentiality and integrity of the data and the model while the model runs, but also the confidentiality and integrity of the communication data between the user and the deep learning model.
The safe and efficient deep learning model prediction method based on the SGX is suitable for the safe and efficient deep learning model prediction system based on the SGX, and comprises the following steps:
S1, the model provider terminal uploads the deep learning model through the model import module, and the model import module converts the deep learning models of different formats into models that can be executed in the deep learning calculation framework, according to the deep learning calculation framework in the SGX; specifically, step S1 includes:
S101, the model provider terminal uploads the deep learning model m to the server;
S102, the server converts the deep learning model m into a deep learning model m' supported by the deep learning calculation framework in the SGX, using the model import module;
S103, the server places the deep learning model m' in the deep learning model library Pool_model and updates the model index of the deep learning model library.
S2, the model user terminal and an RPC server module in the SGX carry out key agreement to obtain a communication key, which is used to encrypt the data to be predicted provided by the model user terminal and the prediction result of the deep learning model in the SGX; specifically, step S2 includes:
S201, the RPC server module determines a prime number p and a primitive root g of that prime, encrypts p and g with the public key PK_a of the model user terminal, and sends the encrypted p and g to the model user terminal. The RPC server module runs a prime number generation algorithm locally to generate the prime p. A theorem of number theory states that if p is an odd prime, a primitive root modulo p exists; in that case the primitive root g of p can be obtained directly with a primitive root solving algorithm. The public key of the model user terminal is published, and the RPC server module simply requests it.
S202, after the model user terminal decrypts with its private key to obtain p and g, it generates a random number r_1 satisfying 1 ≤ r_1 ≤ p-1, computes the value to be exchanged and sends it to the RPC server module. The model user terminal holds its own private key and can use it to decrypt data encrypted under its own public key.
S203, the RPC server module itself generates a random number r_2 satisfying 1 ≤ r_2 ≤ p-1, computes the value to be exchanged and sends it to the model user terminal;
S204, the model user terminal computes K_a and the RPC server module computes K_b; if K_a = K_b, K_a and K_b are used respectively as the communication key between the model user terminal and the RPC server module.
Here mod is the modulo operation; the value sent by the model user terminal in S202 is an intermediate result in generating the communication key K_b, and the value sent by the RPC server module in S203 is an intermediate result in generating the communication key K_a; g is the generator of the group and r_1 is a random number.
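The key agreement of S201 to S204 as runnable code. This is an added example, not the patent's implementation; it assumes p is a safe prime p = 2q + 1 (so the primitive root check needs only the factors 2 and q of p-1), that the exchanged values are g^r mod p (the page's own formulas did not survive extraction), and it leaves out the encryption of p and g under PK_a.

```python
"""Key agreement of steps S201-S204 (added example, not the patent's code).

Assumptions not on the page: p is generated as a safe prime p = 2q + 1, so a
primitive root can be confirmed from the two prime factors 2 and q of p - 1;
the exchanged values are g**r mod p (standard Diffie-Hellman; the page's own
formulas did not survive extraction); and the encryption of (p, g) under the
user's public key PK_a required by S201 is left out.
"""
import secrets
from typing import Tuple

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test, the core of the 'prime number generation algorithm' of S201."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2             # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits: int) -> int:
    """Return a prime p = 2q + 1 of about `bits` bits with q also prime."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def find_primitive_root(p: int) -> int:
    """'Primitive root solving algorithm' of S201 for a safe prime p.

    g generates Z_p^* iff g^((p-1)/f) != 1 (mod p) for every prime factor f
    of p - 1; for a safe prime those factors are exactly 2 and q = (p-1)/2.
    """
    q = (p - 1) // 2
    for g in range(2, p):
        if pow(g, 2, p) != 1 and pow(g, q, p) != 1:
            return g
    raise ValueError("p is not a safe prime")


def check_share(v: int, p: int) -> bool:
    """Receiver-side check: a public value of 1 or p-1 would make the key trivial."""
    return 1 < v < p - 1


def fresh_share(g: int, p: int) -> Tuple[int, int]:
    """Pick r with 1 <= r <= p-1 (S202/S203) and return (r, g^r mod p);
    r = q and r = p-1 give the degenerate values p-1 and 1 and are redrawn."""
    while True:
        r = secrets.randbelow(p - 1) + 1
        v = pow(g, r, p)
        if check_share(v, p):
            return r, v


def key_agreement(bits: int = 64) -> Tuple[int, int, int, int]:
    """Run S201-S204 and return (p, g, K_a, K_b)."""
    p = generate_safe_prime(bits)                     # S201, RPC server module
    g = find_primitive_root(p)
    r1, to_server = fresh_share(g, p)                 # S202, model user terminal
    r2, to_user = fresh_share(g, p)                   # S203, RPC server module
    if not (check_share(to_server, p) and check_share(to_user, p)):
        raise ValueError("degenerate public value received")
    K_a = pow(to_user, r1, p)                         # S204, model user terminal
    K_b = pow(to_server, r2, p)                       # S204, RPC server module
    return p, g, K_a, K_b


if __name__ == "__main__":
    p, g, K_a, K_b = key_agreement()
    print(f"p={p} g={g} K_a==K_b: {K_a == K_b}")
```

The prime sizes used here are for illustration only; a deployment needs a p of at least 2048 bits, and each side should apply the check_share test to the value it receives before deriving the key.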
S3, the model user terminal signs and encrypts the data to be predicted with the communication key, and then sends the encrypted data to the RPC server module; specifically, step S3 includes:
S301, the model user terminal signs the data to be predicted x and the model label t_m with its private key SK_a to obtain the signature sign_x;
S302, the model user terminal encrypts the data to be predicted and the signature with the communication key K_a to obtain the ciphertext c, and sends the ciphertext to the RPC server module.
S4, the RPC server module decrypts the encrypted data with the communication key to obtain plaintext data, and then verifies the signature; if verification passes, the plaintext data is input into the deep learning model; specifically, step S4 includes:
S401, the RPC server module decrypts the ciphertext c with the communication key K_b; if decryption succeeds, go to step S402, otherwise return error information;
S402, the RPC server module obtains the decryption result (x || t_m || sign_x) (the plaintext data) and verifies the signature sign_x with the public key PK_a; if verification passes, execute step S403, otherwise return error information;
S403, the RPC server module indexes the deep learning model m' from the deep learning model library according to the model label t_m, loads m' into the GPU video memory and the SGX memory, and takes the decryption result x as the input of m'. Here t_m is used to index the model, and sign_x is the signature used for verification.
S6, the GPU acceleration module receives the masked data sent by the RPC server module, performs the linear operation on it and returns it to the RPC server module; the RPC server module removes the mask from the data, feeds it to the deep learning model to perform the next operation, and repeats step S6 until the model prediction is finished; specifically, steps S5 and S6 include:
S601, the RPC server module in the SGX first selects a random number r_i from the domain and, from the weight matrix W_i and bias b_i, computes the linear result u_i corresponding to r_i, i.e. u_i = W_i r_i, which serves as the mask; here, for the i-th layer linear operation that is to be outsourced to the GPU, the weight is an m_i × n_i matrix W_i and the bias is b_i;
S602, the RPC server module adds the mask u_i to the data (intermediate result) x_i that requires linear computation to obtain the masked data, and sends it to the GPU acceleration module;
S603, the GPU acceleration module performs the linear operation on the masked data and sends the result to the RPC server module;
S604, the RPC server module subtracts the mask u_i from the returned result to obtain the computation result y_i, i.e. y_i = W_i x_i + b_i, and the deep learning model continues the next operation with y_i; steps S601 to S604 are repeated until the deep learning model prediction process ends.
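Steps S601 to S604 for one layer, as an added example that is not the patent's code. It assumes fixed-point integer activations modulo a prime Q (the page's domain symbol is missing), and it reads the scheme as adding the random vector r_i to x_i and subtracting u_i = W_i r_i afterwards, which is the reading under which the result equals y_i = W_i x_i + b_i as stated.

```python
"""Masked outsourcing of one linear layer to the GPU (steps S601-S604).

Added example, not the patent's code.  Assumptions not on the page: activations
and weights are fixed-point integers modulo a prime Q, and the vector added to
x_i is r_i while u_i = W_i r_i is what is subtracted afterwards (the dimensions
only work out that way, and it yields y_i = W_i x_i + b_i as the page states).
"""
import secrets
from typing import Callable, List

Vector = List[int]
Matrix = List[List[int]]
Q = (1 << 61) - 1  # assumption: Mersenne prime modulus for the fixed-point values


def to_signed(v: Vector) -> Vector:
    """Map residues mod Q back to signed integers for reading results."""
    return [x - Q if x > Q // 2 else x for x in v]


def matvec(W: Matrix, x: Vector) -> Vector:
    return [sum(w * xi for w, xi in zip(row, x)) % Q for row in W]


def gpu_linear(W: Matrix, b: Vector, x_masked: Vector) -> Vector:
    """Untrusted GPU side (S603): computes W * input + b on whatever it receives."""
    return [(wx + bi) % Q for wx, bi in zip(matvec(W, x_masked), b)]


def enclave_linear_layer(W: Matrix, b: Vector, x: Vector,
                         gpu: Callable[[Matrix, Vector, Vector], Vector] = gpu_linear) -> Vector:
    """Enclave side of S601-S604 for the i-th layer; W is m_i x n_i, x has n_i entries."""
    n = len(x)
    # S601: choose r_i uniformly from Z_Q^n and precompute the mask u_i = W_i r_i
    r = [secrets.randbelow(Q) for _ in range(n)]
    u = matvec(W, r)
    # S602: the activations leave the enclave only as x_i + r_i, a one-time pad over Z_Q
    x_masked = [(xi + ri) % Q for xi, ri in zip(x, r)]
    # S603: the GPU returns W_i (x_i + r_i) + b_i
    z = gpu(W, b, x_masked)
    # S604: subtract u_i = W_i r_i to recover y_i = W_i x_i + b_i
    return [(zi - ui) % Q for zi, ui in zip(z, u)]


class RecordingGPU:
    """Stand-in GPU that records its inputs, to show what the GPU can observe."""

    def __init__(self) -> None:
        self.seen: List[Vector] = []

    def __call__(self, W: Matrix, b: Vector, x_masked: Vector) -> Vector:
        self.seen.append(list(x_masked))
        return gpu_linear(W, b, x_masked)


def demo() -> Vector:
    """Constructed 2x2 layer: W = [[2, -1], [3, 4]], b = [1, -2], x = [5, 7]."""
    W = [[2, (-1) % Q], [3, 4]]
    b = [1, (-2) % Q]
    x = [5, 7]
    gpu = RecordingGPU()
    y = enclave_linear_layer(W, b, x, gpu)
    assert gpu.seen[0] != x          # the GPU saw x + r, never x itself
    return to_signed(y)              # [4, 41]


if __name__ == "__main__":
    print(demo())
```

The mask hides x_i from the GPU, but W_i and b_i are handed to it in the clear (S403 loads m' into GPU video memory), and nothing in this exchange detects a GPU that returns a wrong result.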
S7, the RPC server module signs the prediction result, encrypts it with the communication key and returns the encrypted result to the model user terminal, which decrypts it with the communication key and verifies the signature to obtain the prediction result. Specifically, step S7 includes:
S701, the RPC server module signs the prediction result p with its private key SK_b to obtain the signature sign_p;
S702, the RPC server module encrypts the prediction result p and the signature sign_p with the communication key K_b to obtain the ciphertext c_p, i.e. c_p = Enc_{K_b}(p || sign_p), and sends c_p to the model user terminal;
S703, the model user terminal decrypts the ciphertext c_p with the communication key K_a to obtain (p || sign_p) and verifies the signature sign_p with the public key PK_b of the RPC server module, ensuring the integrity of the result; if verification succeeds, the prediction result is correct.
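The request and response handling of S301 to S302, S401 to S403 and S701 to S703 as an added example, not the patent's code. Because the Python standard library provides neither public-key signatures nor an AEAD cipher, HMAC-SHA256 stands in for Sign/Verify (so the verify key equals the signing key here) and a SHA-256 keystream with an HMAC tag stands in for Enc/Dec; the length-prefixed framing, error strings and model library dict are this example's own assumptions.

```python
"""Request and response protection of steps S3, S4 and S7 (added example, not
the patent's code).  Stand-ins, since the standard library lacks public-key
signatures and AEAD: Sign/Verify is HMAC-SHA256 (verify key == signing key),
Enc/Dec is a SHA-256 keystream XOR plus an HMAC tag.  Framing and the model
library dict are assumptions.
"""
import hashlib
import hmac
import secrets
import struct
from typing import Callable, List, Optional, Tuple

MODEL_LIBRARY = {b"mnist-v1": "model m' for label mnist-v1"}   # Pool_model stand-in

def pack(*fields: bytes) -> bytes:
    """Length-prefixed concatenation: the page's x || t_m || sign_x, made unambiguous."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

def unpack(blob: bytes, count: int) -> List[bytes]:
    out, pos = [], 0
    for _ in range(count):
        if pos + 4 > len(blob):
            raise ValueError("truncated header")
        n = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[pos:pos + n])
        pos += n
    if pos != len(blob):
        raise ValueError("trailing bytes")
    return out

def sign(sk: bytes, msg: bytes) -> bytes:                 # stand-in for Sign_SK
    return hmac.new(sk, msg, hashlib.sha256).digest()

def verify(pk: bytes, msg: bytes, sig: bytes) -> bool:    # stand-in for Verify_PK
    return hmac.compare_digest(sign(pk, msg), sig)

def _keystream(k_enc: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(k_enc + nonce + struct.pack(">Q", i)).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def enc(key: bytes, plaintext: bytes) -> bytes:           # stand-in for Enc_K
    k_enc, k_mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()

def dec(key: bytes, blob: bytes) -> Optional[bytes]:      # stand-in for Dec_K; None = failed
    k_enc, k_mac = _subkeys(key)
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(k_mac, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, nonce, len(ct))))

def client_request(sk_a: bytes, K_a: bytes, x: bytes, t_m: bytes) -> bytes:
    """S301-S302: sign (x, t_m) under SK_a, then encrypt x || t_m || sign_x under K_a."""
    return enc(K_a, pack(x, t_m, sign(sk_a, pack(x, t_m))))

def server_handle(pk_a: bytes, K_b: bytes, c: bytes,
                  run_model: Callable[[str, bytes], bytes]) -> Tuple[str, bytes]:
    """S401-S403: decrypt, verify, look up the model by t_m, run it; errors are returned."""
    pt = dec(K_b, c)                                       # S401
    if pt is None:
        return ("error", b"decryption failed")
    try:
        x, t_m, sign_x = unpack(pt, 3)
    except ValueError:
        return ("error", b"malformed plaintext")
    if not verify(pk_a, pack(x, t_m), sign_x):             # S402
        return ("error", b"signature invalid")
    model = MODEL_LIBRARY.get(t_m)                         # S403: index m' by t_m
    if model is None:
        return ("error", b"unknown model label")
    return ("ok", run_model(model, x))

def server_response(sk_b: bytes, K_b: bytes, p: bytes) -> bytes:
    """S701-S702: sign_p = Sign_SK_b(p); c_p = Enc_K_b(p || sign_p)."""
    return enc(K_b, pack(p, sign(sk_b, p)))

def client_receive(pk_b: bytes, K_a: bytes, c_p: bytes) -> Optional[bytes]:
    """S703: decrypt c_p, verify sign_p under PK_b; None means the result is rejected."""
    pt = dec(K_a, c_p)
    if pt is None:
        return None
    try:
        p, sign_p = unpack(pt, 2)
    except ValueError:
        return None
    return p if verify(pk_b, p, sign_p) else None
```

A deployment replaces the stand-ins with a real signature scheme and an AEAD; the order of the checks (decrypt, then verify, then look up t_m) and the unambiguous framing carry over unchanged.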
The above-mentioned embodiments are preferred embodiments of the present invention, and the present invention is not limited thereto, and any other modifications or equivalent substitutions that do not depart from the technical spirit of the present invention are included in the scope of the present invention.
Claims (8)
1. A safe and efficient deep learning model prediction system based on SGX is characterized by comprising: a model provider terminal, a model user terminal and a server; the server comprises a model import module, a data encryption module, an RPC server module and a GPU acceleration module;
the model provider terminal is used for sending the deep learning models with different formats to the model import module;
the model user terminal is used for agreeing a key with the RPC server module, signing and encrypting data to be predicted according to the agreed key, and sending the encrypted data to be predicted to the RPC server module;
the model import module is used for converting deep learning models with different formats uploaded by a model provider terminal into models capable of running on a deep learning calculation frame of the RPC server module according to a deep learning execution frame in the SGX;
the data encryption module is used to decrypt encrypted data transmitted into the SGX from the outside and to encrypt data output by the SGX to the outside;
the RPC server module is a deep learning model RPC server module positioned in the SGX and used for loading the model file obtained by the conversion of the model import module, sending the data input by the user to the deep learning model to obtain a prediction result and returning the prediction result to the user;
and the GPU acceleration module is used for finishing linear operation of the deep learning model prediction process.
2. A safe and efficient deep learning model prediction method based on SGX is characterized by comprising the following steps:
S1, the model provider terminal uploads the deep learning model through the model import module, and the model import module converts the deep learning models of different formats into models that can be executed in the deep learning calculation framework, according to the deep learning calculation framework in the SGX;
S2, the model user terminal and an RPC server module in the SGX carry out key agreement to obtain a communication key, which is used to encrypt the data to be predicted provided by the model user terminal and the prediction result of the deep learning model in the SGX;
S3, the model user terminal signs and encrypts the data to be predicted with the communication key, and then sends the encrypted data to the RPC server module;
S4, the RPC server module decrypts the encrypted data with the communication key to obtain plaintext data, and then verifies the signature; if verification passes, the plaintext data is input into the deep learning model;
S5, the plaintext data is computed layer by layer in the deep learning model; when the deep learning model needs to perform a linear operation on the data, the RPC server module takes the data out and adds a mask;
S6, the GPU acceleration module receives the masked data sent by the RPC server module, performs the linear operation on it and returns it to the RPC server module; the RPC server module removes the mask from the data, feeds it to the deep learning model to perform the next operation, and repeats step S6 until the model prediction is finished;
S7, the RPC server module signs the prediction result, encrypts it with the communication key and returns the encrypted result to the model user terminal, which decrypts it with the communication key and verifies the signature to obtain the prediction result.
3. The SGX-based safe and efficient deep learning model prediction method according to claim 2, wherein the step S1 comprises:
s101, uploading the deep learning model m to a server by a model provider terminal;
s102, the server converts the deep learning model m into a deep learning model m' supported by a deep learning calculation framework in the SGX by using a model import module;
s103, the server places the deep learning model m' in a deep learning model library PoolmodelAnd updating the model index of the deep learning model library.
4. The SGX-based safe and efficient deep learning model prediction method according to claim 3, wherein the step S2 comprises:
s201, RPC server module prime number p, original root g of the prime number, using public key PK of model user terminalaEncrypting the prime number p and the primitive root g, and sending the encrypted prime number p and the encrypted primitive root g to a model user terminal;
s202, after the model user terminal uses the private key to decrypt and obtain the prime number p and the primitive root g, the random number r is generated1The random number satisfies r is not less than 11P-1 or less, and calculatingThen will beSending to an RPC server module;
s203, the RPC server module generates the random number r by itself2The random number satisfies 1 ≦ r2P-1 and calculatingThen will beSending to a model user terminal;
5. The SGX-based safe and efficient deep learning model prediction method according to claim 4, wherein the step S3 comprises:
S301, the model user terminal signs the data x to be predicted and the model label t_m with its private key SK_a to obtain the signature sign_x, i.e. …
6. The SGX-based safe and efficient deep learning model prediction method according to claim 5, wherein the step S4 comprises:
S401, the RPC server module decrypts the ciphertext c with the communication key K_b, i.e. …; if the decryption succeeds, go to step S402; otherwise, return an error message;
S402, the RPC server module obtains the decryption result (x || t_m || sign_x) and verifies the signature sign_x with the public key PK_a; if the verification passes, execute step S403; otherwise, return an error message;
S403, the RPC server module looks up the deep learning model m' in the deep learning model library by the model label t_m, loads the deep learning model m' into the GPU video memory and the SGX memory, and takes the decrypted x as the input of the deep learning model m'.
7. The SGX-based safe and efficient deep learning model prediction method of claim 6, wherein the steps S5 and S6 comprise:
S601, the RPC server module inside SGX first selects a random number r_i from the domain … and, from the weight matrix W_i and the bias b_i, calculates the linear result u_i corresponding to r_i, i.e. u_i = W_i r_i, using u_i as the mask; here, for the i-th layer linear operation to be outsourced to the GPU, the weight is the m_i × n_i matrix W_i and the bias is b_i;
S602, the RPC server module adds the mask u_i to the data x_i that needs the linear calculation to obtain …, i.e. …, and sends … to the GPU acceleration module;
S603, the GPU acceleration module performs the linear operation on …, i.e. …, and sends … to the RPC server module;
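The mask-based outsourcing of claim 7 (S601 to S603, with the unmasking of step S6), as an added Python example that is not part of the patent: here r_i is added to the layer input and u_i = W_i r_i is subtracted from the GPU's output, which is the reading under which the mask cancels, since u_i has m_i entries while x_i has n_i. The domain of r_i, the ReLU kept inside the enclave between layers, the helper names and the toy weights are all assumptions made for this example.

```python
import random

def matvec(W, x):
    """m x n matrix W (list of rows) times length-n vector x -> length-m vector."""
    return [sum(w * xi for w, xi in zip(row, x)) for row in W]

def vadd(a, b):
    return [p + q for p, q in zip(a, b)]

def vsub(a, b):
    return [p - q for p, q in zip(a, b)]

def relu(v):
    return [max(0.0, t) for t in v]

def enclave_mask(W, x, rng=None):
    """S601/S602 inside SGX: draw r_i, derive u_i = W_i r_i and blind the layer
    input. Only x_i + r_i leaves the enclave; r_i and u_i never do. The page does
    not name the domain of r_i; uniform floats in [-1, 1] are an assumption here."""
    rng = rng or random.Random()
    r = [rng.uniform(-1.0, 1.0) for _ in range(len(W[0]))]
    u = matvec(W, r)                  # u_i = W_i r_i, stripped again in S6
    return vadd(x, r), u

def gpu_linear(W, b, x_masked):
    """S603 on the untrusted GPU: W_i (x_i + r_i) + b_i, computed without x_i."""
    return vadd(matvec(W, x_masked), b)

def enclave_unmask(y_masked, u):
    """S6 back in SGX: (W_i x_i + W_i r_i + b_i) - W_i r_i = W_i x_i + b_i."""
    return vsub(y_masked, u)

def outsourced_layer(W, b, x, rng=None):
    x_masked, u = enclave_mask(W, x, rng)
    return enclave_unmask(gpu_linear(W, b, x_masked), u)

def predict(layers, x, rng=None):
    """Repeat S6 for every (W_i, b_i) layer; the cheap non-linear ReLU stays in
    the enclave, so the GPU only ever sees masked vectors."""
    for k, (W, b) in enumerate(layers):
        x = outsourced_layer(W, b, x, rng)
        if k < len(layers) - 1:
            x = relu(x)
    return x

# Constructed toy model (not from the patent): two layers, 2 -> 3 -> 1.
LAYERS = [([[1.0, 2.0], [3.0, 4.0], [5.0, 6.0]], [0.5, -1.0, 2.0]),
          ([[1.0, -1.0, 0.5]], [0.0])]
```

Because the mask is fresh per layer and per inference, the GPU's view of each input is x_i + r_i for an r_i it never learns; the enclave's only extra cost is the W_i r_i product used to strip the mask.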
8. The SGX-based safe and efficient deep learning model prediction method of claim 7, wherein the step S7 comprises:
S701, the RPC server module signs the prediction result p with its private key SK_b to obtain the signature sign_p, i.e. …
S702, the RPC server module encrypts the prediction result p and the signature sign_p with the communication key K_b to obtain the ciphertext c_p, i.e. …, and sends c_p to the model user terminal;
S703, the model user terminal decrypts the ciphertext c_p with the communication key K_a to obtain (p || sign_p) and verifies the signature sign_p with the public key PK_b of the RPC server module to ensure the integrity of the result; if the verification succeeds, the prediction result is correct.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010338636.2A CN111582496B (en) | 2020-04-26 | 2020-04-26 | SGX-based safe and efficient deep learning model prediction system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111582496A true CN111582496A (en) | 2020-08-25 |
CN111582496B CN111582496B (en) | 2023-05-30 |
Family
ID=72120648
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010338636.2A Active CN111582496B (en) | 2020-04-26 | 2020-04-26 | SGX-based safe and efficient deep learning model prediction system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111582496B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107066791A (en) * | 2016-12-19 | 2017-08-18 | 银江股份有限公司 | A kind of aided disease diagnosis method based on patient's assay |
CN108712260A (en) * | 2018-05-09 | 2018-10-26 | 曲阜师范大学 | The multi-party deep learning of privacy is protected to calculate Proxy Method under cloud environment |
CN109308418A (en) * | 2017-07-28 | 2019-02-05 | 阿里巴巴集团控股有限公司 | A kind of model training method and device based on shared data |
CN109684855A (en) * | 2018-12-17 | 2019-04-26 | 电子科技大学 | A kind of combined depth learning training method based on secret protection technology |
2020-04-26: CN application CN202010338636.2A filed, granted as patent CN111582496B (status: Active)
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112528299A (en) * | 2020-12-04 | 2021-03-19 | 电子科技大学 | Deep neural network model safety protection method in industrial application scene |
CN112528299B (en) * | 2020-12-04 | 2022-03-04 | 电子科技大学 | Deep neural network model safety protection method in industrial application scene |
CN113591098A (en) * | 2021-06-11 | 2021-11-02 | 浙江大学 | Remote secure heterogeneous computing method and system based on SGX |
CN113591098B (en) * | 2021-06-11 | 2024-03-26 | 浙江大学 | SGX-based remote secure heterogeneous computing method and system |
CN115543587A (en) * | 2022-11-29 | 2022-12-30 | 暨南大学 | Service life driven OpenCL application scheduling method and system |
CN115543587B (en) * | 2022-11-29 | 2023-03-07 | 暨南大学 | Service life driven OpenCL application scheduling method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||